|
Posted by Will on October 17, 2007, 3:53 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Let us suppose the server name is FS. In Internet Explorer, you add
> file://fs to the Local Intranet sites list. It should now evaluate FS
> as Local Intranet, whether or not you access it over mapped drive or
> straight UNC. Now if you have a large environment, you might map all
> drives using FQDNs. Say it is Fs.domain.local. Add file://*.domain.local
> to the Intranet zone. This then adds all servers in the domain into
> the Intranet zone.
Yes, you would think that would work. But what I was trying to report was
that we did add both:
file://fs
file://fs.fqdn.com
and the security settings are NOT working against mapped drives that use
those servers.
--
Will
|
|
Posted by on October 17, 2007, 4:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Ok, let's get back to basics because this is something that I have not
seen. What is the OS and IE version on the client machines? What is
the OS on the file server? How are you determining what security zone
is being used.
J Wolfgang Goerlich
> Yes, you would think that would work. But what I was trying to report was
> that we did add both:
>
> file://fs
> file://fs.fqdn.com
>
> and the security settings are NOT working against mapped drives that use
> those servers.
>
> --
> Will
|
|
Posted by Will on October 17, 2007, 7:31 pm
If you were Registered and logged in, you could reply and use other advanced thread options > Ok, let's get back to basics because this is something that I have not
> seen. What is the OS and IE version on the client machines? What is
> the OS on the file server? How are you determining what security zone
> is being used.
OS is Windows 2003 Web Edition, which is a member server in a domain in a
one-domain forest. Browser is MSIE 7, and all Windows updates are applied
to OS and MSIE.
Security Zone is accessed by:
1) Double click on Internet icon on bottom right corner of open MSIE 7
window or desktop Explorer window. Optionally, in MSIE 7, go to Tools |
Options, and select Security tab.
2) Select Local intranet security zone.
3) Press Sites button and Advanced interface.
4) Add the following into Websites list:
file://fs
file://fs.fqdn.com
file://192.168.99.99
where 192.168.99.99 is the IP address of the file server.
I think I have located the problem, and I think this is a clear bug. If
you define the mapped file share with:
net use z: 2.168.99.99\sharename
the drive will map correctly, but MSIE 7 is NOT able to process the security
zone information properly using the IP address directly. If you now change
the above to reference either NetBIOS or FQDN, the security zone information
will process correctly when accessing a program from Explorer using the
drive letter mapping.
The above should contain enough information for you to duplicate the bug,
but I would caution you to not redefine any existing drive mappings,
because in my testing just now I saw some kind of caching of the original
definition that affected the test result. Map your file server's IP to a
*NEW* drive letter, then try to execute a program using that drive letter,
and the security zone will show as Internet even as you browse the drive's
file tree in Explorer.
I cannot think of any reason why this behavior would be a feature or desired
behavior, particularly not when I am adding file:// with an explicit IP
address and it still doesn't take the security zone settings for that IP.
--
Will
>> Yes, you would think that would work. But what I was trying to report
>> was
>> that we did add both:
>>
>> file://fs
>> file://fs.fqdn.com
>>
>> and the security settings are NOT working against mapped drives that use
>> those servers.
>>
>> --
>> Will
|
|
Posted by Will on October 17, 2007, 10:45 pm
If you were Registered and logged in, you could reply and use other advanced thread options
http://support.microsoft.com/kb/303650
With reference to IP addresses in the UNC, it's extremely unclear after
reading that article when does it work, not work, can you work around it, or
not. All in all, a complete mess.
--
Will
> Ok, let's get back to basics because this is something that I have not
> seen. What is the OS and IE version on the client machines? What is
> the OS on the file server? How are you determining what security zone
> is being used.
>
> J Wolfgang Goerlich
>
>> Yes, you would think that would work. But what I was trying to report
>> was
>> that we did add both:
>>
>> file://fs
>> file://fs.fqdn.com
>>
>> and the security settings are NOT working against mapped drives that use
>> those servers.
>>
>> --
>> Will
|
|
Posted by on October 18, 2007, 7:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
Duplicated. Windows 2003 Standard Server using IE 7. My test network
as 10.5.0.0/16.
I added the following into IE's Intranet Zone the site file://10.5.*.*.
If I browse to the UNC .5.13.32\Share using Windows Explorer, the
status bar shows it as Local Intranet. I then map the share (net use
z: .5.13.32\Share). Browse to Z:\ using Windows Explorer, the
status bar shows it as Internet.
This happens whether or not Internet Explorer Enhanced Security
Configuration is installed.
Very interesting. I will do some more digging on this.
J Wolfgang Goerlich
> It appears that this is the article that discusses the problem I am seeing:
>
> http://support.microsoft.com/kb/303650
>
> With reference to IP addresses in the UNC, it's extremely unclear after
> reading that article when does it work, not work, can you work around it, or
> not. All in all, a complete mess.
>
> --
> Will
>
>
>
>
>
> > Ok, let's get back to basics because this is something that I have not
> > seen. What is the OS and IE version on the client machines? What is
> > the OS on the file server? How are you determining what security zone
> > is being used.
>
> > J Wolfgang Goerlich
>
> >> Yes, you would think that would work. But what I was trying to report
> >> was
> >> that we did add both:
>
> >> file://fs
> >> file://fs.fqdn.com
>
> >> and the security settings are NOT working against mapped drives that use
> >> those servers.
>
> >> --
> >> Will- Hide quoted text -
>
> - Show quoted text -
|
| Similar Threads | Posted | | How to Add Network Share Mapped to Drive Letter to Intranet Security Zone? | March 31, 2007, 10:48 pm |
| restricted sites zone in IE | December 19, 2005, 3:06 pm |
| Upon Logon, IE Trusted Sites trying to automatically be added -- help. | July 25, 2005, 8:20 pm |
| Security to limit creating new folders in shared network drive | September 7, 2005, 12:11 am |
| Local v. Network Security | October 24, 2005, 4:32 pm |
| Security issue sharing folders on local network? | May 7, 2008, 6:48 am |
| requesting cert from local CA: "no trusted certificate authorities available" | November 6, 2006, 12:58 pm |
| Service running as Local system account Unable to map drive on ano | December 23, 2005, 8:10 am |
| adding password disables network drive access | July 26, 2006, 9:42 am |
| Local v. Network Permissions | October 24, 2005, 4:37 pm |
|
XML site map